All releases of Gibraltar Firewall

Release Notes: This release has been updated to kernel 2.6 and a
fresh base system based on Debian 5.0 (codename Lenny). Additional, notable changes and new features are full support for IPv6, policy routing setup via a Web interface with support for multiple default routes in fail-over as well as load-balancing configurations, layer7 match support to mark traffic based on protocols instead of ports, official support for WLAN interfaces, use of overlay filesystems and standard initramfs tools, and that OpenVPN can now be used without client certificates for direct integration with LDAP or Microsoft Active Directory.

Release Notes: Major new features in this release include official support for Snort as an intrusion detection system and full integration of the Puresight Enterprise variant for advanced user-based authorization and reporting. SSL Explorer plugins can now beinstalled. There were substantial improvements in traffic shaping performance, support for transparent virus scanning for HTTP, POP3, and FTP even without a hard disk, and the beginnings of full WLAN access point functionality.

Release Notes: This release introduces major new features: a
dynamic content filter for HTTP based on
Puresight, SSL-VPN with the SSL Explorer community
addition, a captive portal based on Chillispot, an
OpenVPN module in the Web administration
interface, unified user management based on
OpenLDAP and Freeradius that is now integrated
with all services and allows optional use of
Active Directory, a complete redesign of the
traffic shaping module for more flexibility and
complex scenarios, and various additions to the
integrated Spamassassin.

Release Notes: This release adds three major new features:
accounting/monitoring,
anonymization, and failover. Many system and
network parameters are now
collected and stored in round-robin databases for
detailed graphical
analysis. Strong anonymization is provided by the
integration of tor,
anon-proxy/JAP, and freenet, to allow users to
remain in control of
their private connection data. "heartbeat" with
improved scripts has
been integrated for hot-standby failover. This
will allow connections to
remain open even during the failover, and is thus
completely transparent
to clients and servers.

Release Notes: This release significantly improves the speed of the Web interface, and solves a previous issue with license checks in high-bandwidth cases. An important change is the introduction of the TCP window tracking patch to the firewall code, which checks TCP connections much more thoroughly than before. Another change is that FreeS/WAN has been replaced with its successor Openswan, which uses compatible config files, so this replacement should not need any changes in current configurations.

Release Notes: This is a new major release with many changes, focusing on content inspection. HTTP, SMTP, and POP3 traffic can be checked for viruses (clamav and Kaspersky anti-virus) and SPAM, HTTP and POP3 even transparently. User authentication for HTTP has been added, either via user lists or by integrating with MS Active Directory. The base system has been updated, and is now based on a hardened and enhanced 2.4.26 kernel which includes additional firewall match modules (e.g. the P2P traffic match module).

Release Notes: This release fixes the brk() local root vulnerability by updating to kernel 2.4.23, altough local users are not used by default on Gibraltar. Additionally, the PAX patch has been applied to the kernel, making it a lot less vulnerable to buffer overflow exploits in general.

Release Notes: This is the first combined free and commercial release. A combined release is easier to maintain. For the freeware version, nothing will change; but it is enough to upload a valid license key to transform it to the commercial version with the newly developed Web administration interface. Other changes include the official out-of-the box support for Alcatel USB Speedtouch ADSL modems and IPSec NAT traversal support. IPSec now uses CA-signed X.509 certificates instead of self-signed ones.

Release Notes: The major security fix is for pptpd. It has been
upgraded to a new development version that fixes the
problem while glibc has been downgraded to the
version available for Debian woody, which has the fix
applied. If you use the pptpd service, then it is
recommended to upgrade as soon as possible, since
there already exists exploit code for this vulnerability
(even if it doesn't work with current Gibraltar versions).